Ict4peace Founda)On

ICT4Peace Foundaon

ICT4Peace, Crisis Informaon Management and Cybersecurity Policy

Dr. Daniel Stauﬀacher, President, ICT4Peace Foundaon www.ict4peace.org

The UN World Summit on the Information Society (WSIS) in Geneva 2003 and Tunis 2005

• Paragraph 36 of the World Summit on the Information Society (WSIS) Tunis Declaration (2005):

• “36. We value the potential of ICTs to promote peace and to prevent conflict which, inter alia, negatively affects achieving development goals. ICTs can be used for identifying conflict situations through early- warning systems preventing conflicts, promoting their peaceful resolution, supporting humanitarian action, including protection of civilians in armed conflicts, facilitating peacekeeping missions, and assisting post conflict peace-building and reconstruction.”between peoples, communities and stakeholders involved in crisis management, humanitarian aid and peacebuilding. ICT4Peace interlinked Areas of Work:

1. CRISIS Informaon Management (Humanitarian, Peacekeeping and Human Rights) including using ICTs, new media etc.

2. Cyber Security Policy Research, Diplomacy and Capacity Building ICT4Peace interlinked Areas of Work:

1. CRISIS Informaon Management including using ICTs, new media etc.

2. Cyber Security Policy and Diplomacy New Tools: Mapping and Crowdsourcing for CiM - Learning from Kenya 2007, Hai 2010, Libya, Typhoon Yolanda etc. etc. Information break-down in crisis situation

•Twier •Flickr •Blogs •SMS / MMS / Mobiles New media •Social networks •GIS •Crowdsourcing •Drones

•CNN / BBC / Al Jazeera Mainstream •Local / Naonal TV and radio •Print media (mainstream / regional) media •Alternave print media

•Sit reps Tradional •Open Data Open Gov Data •Humanitarian Informaon Centres •Agency databases / email lists Sources •Personal contacts / relaonships

8 UN Secretary-General 2010 Crisis Informaon Strategy (A/65/491)

• Crisis information management strategy. The Crisis Information Management Strategy is based on the recognition that the United Nations, its Member States, constituent agencies and non-governmental organizations need to improve such information management capacity in the identiﬁcation, prevention, mitigation, response and recovery of all types of crises, natural as well as man- made. The strategy will leverage and enhance this capacity and provide mechanisms to integrate and share information across the United Nations system.

• The Office of Information and Communications Technology (CITO), together with the Office for the Coordination of Humanitarian Affairs (OCHA), the Department of Peacekeeping Operations and the Department of Field Suppor (DPKO and DFS), has worked closely with United Nations organizations such as the Office of the United Nations High Commissioner for Refugees (UNHCR), the United Nations Children’s Fund (UNICEF), the United Nations Development Programme (UNDP) and WFP and other entities such as the ICT for Peace Foundation in developing and implementing this strategy. It is envisaged that membership will be expanded to include other United Nations organizations in the near future. CIM Strategy

CiMS Business Drivers Vision Technology Drivers

STRATEGIC PROGRAMMES

Informaon Technology Stakeholder Capacity Architecture/ Development Management Building Governance

Crical Success Factors •Leadership • Funding • Evaluaon • Incrementalism

Outcomes CiM Training Course for IM using ICTs and big data, social and new media, ENTRI Course in Cooperation with ZIF and FBA Examples of further ICT4Peace work, including Using ICTs for elecon monitoring, Constuon building etc.

The Cybersecurity Challenge

• Many states are pursuing military cyber-capabilies: UNIDIR Cyber Index: more than 114 naonal cyber security programs world-wide, more than 45 have cyber-security programs that give some role to the armed forces.

• A private can obtain, train and use cyber weapons of war.

• Damaging of a country’s certain crical infrastructure: power, transport, ﬁnancial sector etc. is possible.

• The step from common crime to polically movated acts, even terrorism, is not far.

The Cybersecurity Challenge

• An exclusive, all-out cyber-war has not happened yet, but aacks have happened as part of conﬂicts

• However, Cyber Capabilies do not ﬁt tradional security strategies (deterrence, denial), because: – Problem of aribuon of an aack – Rapidly evolving technology produced and in the hands of the private sector – Use of Non-State actors, Proxies

• Arms control agreements (so far) unrealisc for cyber capabilies – Mulple actors, both state and non-state actors – No commonly accepted deﬁnion of a cyber weapon so far

The Cyber Security Challenge: What Can be Done ?

• These scenarios show that we need:

– to engage in an internaonal discussion on the norms and principles of responsible state behavior in cyber space, including on the conduct of cyber warfare, and its possible exclusion

– In order to establish a universal understanding of the norms and principles of responsible state behavior in cyber space, we need to turn to the United Naons (such as UN GA, UNGGE, WSIS Geneva Acon Line 5)

– To prevent an escalaon we need to develop Conﬁdence Building Measures (CBMs) (e.g. Bilateral Agreements, OSCE, ARF, UN GGE)

– We need Capacity Building at all levels (policy, diplomac and technical) to include also developing and emerging countries

UN Group of Governmental Experts (GGE) on Cybersecurity – 2015: First Set of Peace me norms of responsible State behaviour

• GGE report conﬁrmed that ‘internaonal law, parcularly the UN Charter, is applicable and essenal to maintaining peace and stability and promong an open, secure, peaceful and accessible ICT environment’.

• A State should not conduct or knowingly support ICT that intenonally damages crical infrastructure or otherwise impairs the use and operaon of crical infrastructure to provide services to the public

• States should not knowingly allow their territory to be used for internaonally wrongful acts using ICTs;

• States should consider how best to cooperate to exchange informaon, assist each other, prosecute terrorist and criminal use of ICTs, and implement other cooperave measures to address such threats.

• At the same me, eﬀorts to address the security of ICTs would need to go ‘hand-in-hand with respect for human rights and fundamental freedoms as set forth in the Universal Declaraon of Human Rights and other internaonal instruments.

Cybersecurity and Resilient Internet International Processes: Council of Europe, OSCE, UN GGE, London, ARF Example CBMs Conﬁdence Building Measures: Important Progress at OSCE (CH Presidency) • Nominang contact points;

• Providing their naonal views on various aspects of naonal and transnaonal threats to and in the use of Informaon and Communicaon Technologies;

• Facilitang co-operaon among the competent naonal bodies and exchanging informaon;

• Holding consultaons in order to reduce the risks of mispercepon, and of possible emergence of polical or military tension or conﬂict that may stem from the use of Informaon and Communicaon Technologies;

• Sharing informaon on measures that they have taken to ensure an open, interoperable, secure, and reliable Internet , and on their naonal organizaon; strategies; policies and programs;

• Using the OSCE as a plaorm for dialogue, exchange of best pracces, awareness- raising and informaon on capacity-building; ICT4Peace Report on Transparency and Conﬁdence Building Measures (TCBMs)**

** see Report by Camino Kavanagh, Senior Advisor ICT4Peace: hp://ict4peace.org/what-next-building-conﬁdence-measures-for-the-cyberspace/ ICT4Peace workshop at ETH Zurich June 2013 with the Support of the Swiss Ministry of Foreign Aﬀairs BILATERAL EFFORTS IN THE FIELD OF INTERNATIONAL AND REGIONAL SECURITY Track 1, 1.5 and 2 Dialogues

ICT4Peace Cybersecurity policy and diplomacy capacity building program with diﬀerent regional organisaons.

WHAT ROLE FOR CIVIL SOCIETY AND INDUSTRY IN FURTHERING CYBERSECURITY-RELATED NORMS AND CBMS, PARTICULARLY GIVEN THE UN GGE AND OSCE BREAKTHROUGHS ?

Proposed areas of work for think tanks, academia, business and civil society: i) Transparency and Accountability; ii) Parcipaon; and iii) Deepening the Knowledge Base.

• It calls on states to review procedures, pracces and legislaon on communicaons surveillance and "to establish or maintain exisng independent, eﬀecve domesc oversight mechanisms capable of ensuring transparency, as appropriate, and accountability for State surveillance of communicaons, their intercepon and collecon of personal data.”

• It also asks U.N. human rights chief to present a report to the U.N. Human Rights Council and the U.N. General Assembly on the protecon and promoon of the right to privacy in domesc and extraterritorial surveillance and the intercepon of digital communicaons and collecon of personal data, including on a mass scale.

• At the same me, the challenge of reconciling the occasionally conﬂicng imperaves of ensuring naonal security and respecng human rights cannot be ignored by governments or cizens alike. At the mullateral level, the UN will have to begin to address the cyber security issue in a more coherent fashion. UN Security Council (CTC/CTED) – ICT4Peace Project

• At the same me, the challenge of reconciling the occasionally conﬂicng imperaves of ensuring naonal security and respecng human rights cannot be ignored by governments or ICT4Peace at SDG Summit in New York Countering Violent Extremism & Mobile Advocacy in Myanmar

Thank You ! danielstauﬀ[email protected]